Magecart hackers targeting e-commerce sites counterfeit shoes


A new investigation from Malwarebytes has found that hackers are inserting malicious code into hundreds of e-commerce websites that are selling counterfeit shoes but are advertising them as from popular brands like Nike, Adidas, and Converse.

The counterfeit e-commerce industry has come under the same kind of attack that has devastated the global e-commerce industry over the past year- the use of malicious scripts by hackers to steal payment card information from the checkout pages of e-commerce websites without being detected.

“We recently identified a credit card skimmer injected into hundreds of fraudulent sites selling brand name shoes. Unfortunate shoppers may not only be disappointed with the faux merchandise, but they will also relinquish their personal and financial data to Magecart fraudsters,” said security firm Malwarebytes in a blog post.

The global counterfeit industry is already inflicting losses to the tune of hundreds of millions to genuine brands whose brand names and products they misuse and copy to defraud innocent shoppers and earn a lot of money in the process.

Considering that hundreds of websites selling counterfeit shoes by marketing them as Nike, Adidas, and Converse products are presently being targeted by Magecart hackers, unsuspecting buyers will not only become victims of fraud but will also see their financial information compromised by hackers.

Websites selling counterfeit shoes used outdated Magento and PHP software

According to Malwarebytes, hackers looking to steal payment card details from e-commerce websites targeted every single web domain that used Sucuri’s SiteCheck and used the same outdated software such as Magento e-commerce under 1.9.4.2 and PHP under 5.6.40.

The firm noted that it is likely that hackers behind the skimming operation used a malicious scanner to crawl these IP ranges and exploited the same vulnerability to compromise each and every one of those counterfeit sites.

It added that the skimming code was appended to a JavaScript file called translate.js and data stolen from websites selling counterfeit shoes such as billing addresses and credit card numbers was exfiltrated to a server in China at 103.139.113[.]34.

The list of e-commerce websites that sold counterfeit shoes by advertising them as Nike, Adidas, and Converse products and had malicious skimmers in their code is available to view on Malwarebyte’s blog post. The firm said that to prevent hackers from stealing their credit card information, buyers should minimise the number of times they enter their credit card information on shopping websites and should check if the websites they visit are being maintained properly.

“Given the multitude of external content on modern web pages, especially on e-commerce websites, it’s extremely complicated to maintain an updated inventory of legitimate external scripts and trackers. Worse, grey e-commerce websites often ignore even the very fundamentals of web application security putting their customers’ data at huge risk. Eventually, the customers are left without any legal recourse given that such websites are located in offshores jurisdictions unreachable under GDPR or CCPA,” says Ilia Kolochenko, founder and CEO of ImmuniWeb.

“Magecart attacks [and its vectors] have been around for almost a decade, but now their sophistication and complexity are rapidly evolving, making it an arduous task to detect them. Oftentimes, malicious scripts will remain unnoticed by automated security scanning, disguising themselves as innocent third-party JavaScript,” he adds.

ALSO READ: Smith & Wesson data breach: Magecart hackers struck gold on Black Friday



Source link